Date: Fri, 12 Nov 2021 11:15:01 -0800
From: Eric Biggers
To: Roberto Sassu
Cc: tytso@mit.edu, corbet@lwn.net, viro@zeniv.linux.org.uk, hughd@google.com, akpm@linux-foundation.org, linux-fscrypt@vger.kernel.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC][PATCH 2/5] fsverity: Revalidate built-in signatures at file open

On Fri, Nov 12, 2021 at 01:44:08PM +0100, Roberto Sassu wrote:
> Fsverity signatures are validated only upon request by the user by setting
> the requirement through procfs or sysctl.
>
> However, signatures are validated only when the fsverity-related
> initialization is performed on the file. If the initialization happened
> while the signature requirement was disabled, the signature is not
> validated again.

I'm not sure this really matters. If someone has started using a verity file
before the require_signatures sysctl was set, then there is already a race
condition; this patch doesn't fix that. Don't you need to set the
require_signatures sysctl early enough anyway?

- Eric
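
The ordering discussed in this message, as an added toy model in C (not kernel code and not part of the original thread): it compares check-once-at-initialization with re-checking on every open, for an unsigned file opened before and after the requirement is enabled. All names (file_model, model_open, late_sysctl, early_sysctl) are hypothetical, and the -1 return is a placeholder rather than a kernel error code.

```c
/* Toy model, not kernel code: when is a built-in signature checked? */
#include <stdbool.h>
#include <stdio.h>

struct file_model {
    bool has_valid_sig;  /* constructed: file carries a signature that verifies */
    bool info_cached;    /* verity info was set up by an earlier open */
};

static bool require_signatures;  /* stands in for the require_signatures sysctl */

static bool sig_policy_ok(const struct file_model *f)
{
    return !require_signatures || f->has_valid_sig;
}

/* Returns 0 if the open succeeds, -1 if the signature policy rejects it.
 * revalidate=true models re-checking on every open, as the RFC proposes. */
int model_open(struct file_model *f, bool revalidate)
{
    if (!f->info_cached) {            /* first open: initialization path */
        if (!sig_policy_ok(f))
            return -1;
        f->info_cached = true;
        return 0;
    }
    if (revalidate && !sig_policy_ok(f))
        return -1;
    return 0;                         /* cached info reused, no new check */
}

/* Open an unsigned file, enable the requirement, open it again.
 * Bit 0 set: first open succeeded. Bit 1 set: second open succeeded. */
int late_sysctl(bool revalidate)
{
    struct file_model f = { .has_valid_sig = false, .info_cached = false };
    require_signatures = false;
    int first = model_open(&f, revalidate);
    require_signatures = true;
    int second = model_open(&f, revalidate);
    return (first == 0 ? 1 : 0) | (second == 0 ? 2 : 0);
}

/* Enable the requirement before any open; returns the first open's result. */
int early_sysctl(bool revalidate)
{
    struct file_model f = { .has_valid_sig = false, .info_cached = false };
    require_signatures = true;
    return model_open(&f, revalidate);
}

int main(void)
{
    printf("late/cached=%d late/revalidate=%d early=%d\n",
           late_sysctl(false), late_sysctl(true), early_sysctl(false));
    return 0;
}
```

In the model, re-checking only changes the outcome of opens made after the requirement is enabled; the open made before it succeeds in both variants, and enabling the requirement first rejects the unsigned file in both.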